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The Governor, Board and Management of the Central Bank of Nigeria considers Information Security as 
top priority in all areas of its operations, as this will ensure stakeholder confidence and protection of the 
Bank’s brand. 


The Central Bank of Nigeria (CBN) is committed to preserving the confidentiality, integrity, and availability 
of all information assets throughout the organization. Information and Information Security requirements 
will continue to be aligned with organizational goals and the CBN’s Information Security Management 
System (ISMS). The management system is intended to be an enabling mechanism for information sharing, 
electronic operations, e-commerce and reducing information-related risks to an acceptable level. 


In pursuit of its primary objectives, the Bank shall establish, implement, maintain and continually improve 
the ISMS designed to meet the requirements of ISO/IEC 27001:2013 and ensure that: 


e The establishment and maintenance of the ISMS shall be achieved by identifying, assessing, 
evaluating and controlling information-related risks, providing adequate resources, in alignment 
with CBN’s Risk Management Strategy; 


e CBN’s Strategy and ISMS Framework provides the context for identifying, assessing, evaluating 
and controlling information-related risks through the establishment and maintenance of the 
ISMS. The information security Risk Assessment, Statement of Applicability and Risk Treatment 
Plan identify how information-related risks are controlled; 


e Information security continuity and contingency plans, data backup procedures, vulnerability 
Management, access control to systems and information security incident reporting are 
fundamental to this policy. \All employees of CBN and third-party vendors/ 
contractors/suppliers/stakeholders shall have the responsibility of reporting information security 
breaches; 


e CBN promotes an environment where all employees are aware of their Information Security 
responsibilities and are provided with the resources required to maintain and continually improve 
the ISMS; 


e Allemployees of CBN and relevant interested parties identified in the ISMS, shall comply with this 
policy; 


e CBN is committed to setting Information Security objectives for various functions and levels 
yearly. The Information Security objectives will be set by the various process owners and the 
achievements measured against predefined level; 


e CBN complies with applicable legal, regulatory, contractual and other requirements on 
Information Security; 


e This policy will be communicated and made available to all employees of the organization and to 
all relevant interested parties; 


e CBN is committed to systematic review and continual improvement of the ISMS. 


Signed By Designation 








